Trust

Security at EditMyPDF

Learn how EditMyPDF approaches document security, AI processing, accounts, payments, internal access, and abuse prevention.

Last updated July 7, 2026

Trust Center

EditMyPDF is built for people who work with documents that may contain private, business, financial, academic, or personal information. Security is therefore not an optional feature. It is part of how we design document uploads, AI-assisted editing, OCR, conversion, support, billing, and abuse prevention.

This page explains our current security approach in plain language. It is meant to complement our Privacy Policy and Terms of Service, not replace them.

Security principles

We follow a few practical principles when designing EditMyPDF:

  • Process only what is needed. The service needs access to the files, prompts, instructions, and outputs required to complete the task you request.
  • Avoid turning document processing into permanent storage. EditMyPDF is a workflow tool, not a document archive or backup drive.
  • Limit access. Internal access to retained account, billing, run, and document-related data is intended to be limited to authorized personnel on a need-to-know basis.
  • Use trusted infrastructure and service providers. We rely on established providers for hosting, authentication, billing, AI processing, OCR, fraud prevention, analytics, and selected integrations.
  • Protect the platform from abuse. Anti-abuse controls help protect the service, prevent trial circumvention, reduce fraud, and keep the product available for legitimate users.
  • Be honest about limitations. No online service can guarantee zero risk. Users should upload only the data needed for the task and avoid submitting unnecessary sensitive information.

What we protect

Depending on the feature you use, EditMyPDF may process:

  • uploaded PDF files;
  • uploaded images used in document workflows;
  • Word, Excel, PowerPoint, HTML, TXT, CSV, and image files used for conversion;
  • prompts and editing instructions;
  • OCR text, extracted text, and intermediate processing context;
  • generated outputs and downloadable files;
  • account identifiers and authentication data;
  • billing and subscription metadata;
  • technical logs, job identifiers, timestamps, route information, and security signals;
  • support context needed to investigate a problem you report.

We do not design these systems to create a long-term archive of your documents. File retention is limited and described in detail on the File Retention page.

Hosting and infrastructure

Our current primary application hosting and storage are deployed on AWS in Paris, France (eu-west-3). Other providers may process data in other regions depending on the feature, provider, integration, or legal transfer mechanism involved.

Infrastructure safeguards may include provider-managed security controls, network-level protections, application monitoring, request validation, access management, logging, and backup/disaster-recovery processes. The exact implementation may evolve as the service changes.

Secure document workflows

A typical document workflow may involve several steps:

  1. You upload or import a file.
  2. The file is staged so the service can validate it and prepare the selected workflow.
  3. You submit a run, such as AI edit, OCR, conversion, compression, metadata editing, split, or merge.
  4. EditMyPDF and selected service providers process the file as needed to perform the requested task.
  5. The output is made available for download.
  6. The file and processing artifacts are deleted according to the retention windows described in our policies.

For AI and OCR features, the service may send selected prompts, extracted text, rendered page images, file references, or focused visual context to third-party model or document-processing providers when that is necessary to complete the feature you request.

Account and session security

Some features may work without an account, while others require authentication or a paid subscription. Authentication may be handled through Auth0. Account and session controls are used to help maintain secure access, connect paid entitlements to an account, protect settings, and support account-related workflows.

You are responsible for keeping your account credentials secure. Contact us promptly if you believe your account, email address, browser session, or payment access has been compromised.

Payment security

Payments and subscriptions are processed through Stripe. EditMyPDF does not locally store full card numbers or card security codes. Local billing records may include limited Stripe-related identifiers, subscription status, invoice identifiers, product and price identifiers, paid-access expiry, and other limited billing metadata required to operate subscriptions and comply with accounting obligations.

Internal access

Internal access is intended to be restricted to authorized personnel who need it to operate the service, resolve support issues, investigate abuse, respond to incidents, or comply with legal obligations.

Where possible, operational views are designed to expose reduced information such as identifiers, timestamps, statuses, route information, limited prompt excerpts, and diagnostic metadata instead of full document content. In some concrete cases, support or incident handling may require access to retained run-level artifacts that are still within their retention window.

Anti-abuse and fraud prevention

EditMyPDF includes controls intended to protect the platform from misuse. These may include rate limits, usage quotas, trial limitation, device-intelligence signals, replay protection, request checks, activity logs, and automated or manual review of suspicious activity.

These controls help prevent:

  • trial abuse;
  • payment fraud;
  • automated scraping;
  • high-volume misuse;
  • attempts to bypass feature limits;
  • use of the service to create fake, deceptive, or unlawful documents.

AI output review

AI-assisted editing, OCR, extraction, translation, and rewriting can be useful, but they are not perfect. You should review every output before signing, filing, sending, publishing, or relying on it.

Pay special attention to:

  • names;
  • dates;
  • numbers;
  • totals;
  • legal language;
  • translated text;
  • formatting;
  • page order;
  • signatures;
  • stamps;
  • metadata;
  • redactions;
  • official or evidentiary documents.

What users can do to improve security

You can reduce risk by following these habits:

  • Upload only the pages or files needed for the task.
  • Remove unnecessary personal or confidential information before processing.
  • Avoid uploading highly sensitive documents unless the workflow genuinely requires it.
  • Download the finished file promptly.
  • Review the output carefully before using it.
  • Do not use AI output as legal, tax, accounting, medical, financial, immigration, or professional advice.
  • Do not use EditMyPDF to falsify documents or mislead others.
  • Contact support quickly if something looks wrong.

Report a security or abuse concern

For security questions, suspected misuse, unlawful-content reports, or account concerns, contact:

contact@editmypdf.ai

For privacy or data-protection questions, you can also contact:

dpo@editmypdf.ai

When contacting us, include the account email, approximate date and time, run or job identifier if available, and a clear description of the concern. Avoid sending sensitive files unless they are necessary for the support case.

FAQ

Does EditMyPDF store my files forever?

No. EditMyPDF is designed as a processing service, not a permanent file-storage service. Uploaded files, prompts, outputs, and processing artifacts are retained only for limited operational windows, subject to the retention rules described on the File Retention page.

Can EditMyPDF staff see my documents?

Routine support should not become a separate long-term archive of your files. However, authorized personnel may access retained account, run, log, document, or output data on a need-to-know basis when necessary for support, incident response, abuse prevention, legal compliance, or service operation.

Are payments handled by EditMyPDF directly?

Payments are processed through Stripe. EditMyPDF does not locally store full card numbers or card security codes.

Is AI output guaranteed to be correct?

No. AI-assisted and OCR-based features can make mistakes. Always review the final output before relying on it.

Security at EditMyPDF | EditMyPDF